Module: Fields::HtmlEditorHelper

Defined in:

app/helpers/fields/html_editor_helper.rb

Constant Summary

TEMPORARY_REPLACEMENT =

"https://temp.bullettrain.co/"

Instance Method Summary

• #html_sanitize(string) ⇒ Object
• #links_target_blank(body) ⇒ Object

Instance Method Details

#html_sanitize(string) ⇒ Object

# File 'app/helpers/fields/html_editor_helper.rb', line 4

def html_sanitize(string)
  return string unless string
  # TODO this is a hack to get around the fact that rails doesn't allow us to add any acceptable protocols.
  string = string.gsub("bullettrain://", TEMPORARY_REPLACEMENT)
  string = sanitize(string, tags: %w[div br strong em b i del a h1 blockquote pre ul ol li], attributes: %w[href])
  # given the limited scope of what we're doing here, this string replace should work.
  # it should also use a lot less memory than nokogiri.
  string = string.gsub(/<a href="#{TEMPORARY_REPLACEMENT}(.*?)\/.*?">(.*?)<\/a>/o, "<span class=\"tribute-reference tribute-\\1-reference\">\\2</span>").html_safe

  # Also, while we're at it ...
  links_target_blank(string).html_safe
end

#links_target_blank(body) ⇒ Object

# File 'app/helpers/fields/html_editor_helper.rb', line 17

def links_target_blank(body)
  doc = Nokogiri::HTML(body)
  doc.css("a").each do |link|
    link["target"] = "_blank"
    # To avoid window.opener attack when target blank is used
    # https://mathiasbynens.github.io/rel-noopener/
    link["rel"] = "noopener"
  end
  doc.to_s
end